Cybersecurity Manager, GRC

This GRC role in fulfillment of internal and regulatory requirement to ensure compliance with sector-wide and enterprise-wide cybersecurity policies, standards and procedures.

Main Responsibilities :

• Oversee the development, testing, and maintenance of cybersecurity measures to safeguard both IT and OT Critical Information Infrastructure (CII) and Non CII assets
• Formulate cybersecurity policies and procedures for IT and OT systems, ensuring compliance with regulatory requirements, including the Cybersecurity Code of Practice (CCoP 2.0)
• Conduct security audits, vulnerability assessments and risk assessment and checks to ensure security controls are in place and are functioning properly and working with regulatory bodies to ensure organisation meets cybersecurity standards
• Conduct CII penetration test, red / purple teaming exercise on a regular basis ensuring organisation Business Continuity Plan (BCP) and Disaster Restoration Plan (DRP) are well documented and communicated
• Identify emerging threats and vulnerabilities, and recommend appropriate controls and solutions for implementation to enhance cybersecurity posture
• Liaising with cybersecurity vendors in conducting relevant assessments to fulfil regulatory requirements
• Plan and implement budgeted cybersecurity projects based on business requirements
• Develop and implement sector-wide cybersecurity oversight programme to ensure compliance with cybersecurity policies
• Review waiver and non-compliance of cybersecurity policy and procedures and carry out users engagements to ensure compliance
• Work closely with internal and external stakeholders on regularly review and enhance cybersecurity incident response plans and playbooks to achieve cybersecurity readiness
• Conduct cybersecurity exercises
• Educate users on cybersecurity security, providing training to employees and contractors on cybersecurity policy, standards and procedures

Requirements :